Contents

Port mirroring commands· 1

display mirroring-group· 1

mirroring-group· 3

mirroring-group mirroring-cpu· 3

mirroring-group mirroring-port (interface view) 4

mirroring-group mirroring-port (system view) 5

mirroring-group monitor-egress· 6

mirroring-group monitor-port (interface view) 7

mirroring-group monitor-port (system view) 9

mirroring-group remote-probe vlan· 11

Flow mirroring commands· 13

display monitoring-group· 13

mirror-to cpu· 14

mirror-to grpc· 15

mirror-to interface· 16

mirroring erspanv3 switch-id· 18

 

Port mirroring commands

display mirroring-group

Use display mirroring-group to display mirroring group information.

Syntax

display mirroring-group { group-id | all | local | remote-destination | remote-source }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

group-id: Specifies a mirroring group by its ID. The value range for this argument is 1 to 256.  

all: Specifies all mirroring groups.

local: Specifies local mirroring groups.

remote-destination: Specifies remote destination groups.

remote-source: Specifies remote source groups.

Usage guidelines

Mirroring group information includes the type, status, and content of a mirroring group. It is sorted by mirroring group number.

Examples

# Display information about all mirroring groups.

<Sysname> display mirroring-group all

Mirroring group 1:

    Type: Local

    Status: Active

    Mirroring port:

      HundredGigE1/1/1  Inbound

    Monitor port:

      HundredGigE1/1/2

      HundredGigE1/1/3

      HundredGigE1/1/4

Mirroring group 2:

    Type: Local

    Status: Active

    Mirroring port:

      HundredGigE1/1/5  Inbound

    Monitor port:

      HundredGigE1/1/6

        Encapsulation: Destination IP address 1.1.1.1

                       Source IP address 2.2.2.2

                       DSCP 1

                       VLAN 2

                       VRF Instance 3

                       Destination MAC address 0011-0200-0211

 

Mirroring group 3:

    Type: Local

    Status: Active

    Mirroring port:

      GigabitEthernet2/0/1  Inbound

    Monitor port:

      GigabitEthernet2/0/2

        Encapsulation: Destination IPv6 address 100:100:100:100:100:100:100:100

                       Source IPv6 address 200:200:200:200:200:200:200:200

                       Destination MAC address 000f-e241-5e5b

Table 1 Command output

Field	Description
Mirroring group	Number of the mirroring group.
Type	Type of the mirroring group: ·     Local. ·     Remote source. ·     Remote destination.
Status	Status of the mirroring group: ·     Active—The mirroring group has taken effect. ·     Incomplete—The mirroring group configuration is not complete and does not take effect.
Mirroring port	Source port.
Encapsulation	Encapsulation parameters of the mirrored packets.
Mirroring CPU	Source CPU.
Monitor port	Destination port.
Destination IP address	Destination IP address in the outer header of the GRE-encapsulated mirrored packets.
Source IP address	Source IP address in the outer header of the GRE-encapsulated mirrored packets.
Destination IPv6 address	Destination IPv6 address in the outer header of the GRE-encapsulated mirrored packets.
Source IPv6 address	Source IPv6 address in the outer header of the GRE-encapsulated mirrored packets.
DSCP	DSCP value in the outer header of the GRE-encapsulated mirrored packets.
VLAN	VLAN in the outer header of the GRE-encapsulated mirrored packets.
VRF Instance	VPN instance whose routing table is used to direct forwarding of the mirrored packets.
Destination MAC address	Destination MAC address in the outer header of the GRE-encapsulated mirrored packets.

‌

mirroring-group

Use mirroring-group to create a mirroring group.

Use undo mirroring-group to delete mirroring groups.

Syntax

mirroring-group group-id { local | remote-destination | remote-source }

undo mirroring-group { group-id | all | local | remote-destination | remote-source }

Default

No mirroring groups exist.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group ID.  The value range for this argument is 1 to 256. 

local: Specifies local mirroring groups.

remote-destination: Specifies remote destination groups.

remote-source: Specifies remote source groups.

all: Specifies all mirroring groups.

Examples

# Create local mirroring group 1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

mirroring-group mirroring-cpu

Use mirroring-group mirroring-cpu to configure source CPUs for a mirroring group.

Use undo mirroring-group mirroring-cpu to remove source CPUs from a mirroring group.

Syntax

mirroring-group group-id mirroring-cpu slot slot-number { both | inbound | outbound }

undo mirroring-group group-id mirroring-cpu slot slot-number

Default

No source CPU is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its number. The specified mirroring group must already exist.  The value range for this argument is 1 to 256.

slot slot-number: Specifies the slot number of the device, which is fixed at 1.

both: Mirrors both received and sent packets.

inbound: Mirrors only received packets.

outbound: Mirrors only sent packets.

Usage guidelines

You can configure source CPUs only for local mirroring groups and remote source groups.

Examples

# ‌‌Create local mirroring group 1 to monitor the inbound traffic of the CPU on the specified slot.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] mirroring-group 1 mirroring-cpu slot 1 inbound

Related commands

mirroring-group

mirroring-group mirroring-port (interface view)

Use mirroring-group mirroring-port to configure a port as a source port for a mirroring group.

Use undo mirroring-group mirroring-port to restore the default.

Syntax

mirroring-group group-id mirroring-port { both | inbound | outbound }

undo mirroring-group group-id mirroring-port

Default

A port does not act as a source port for any mirroring groups.

Views

Interface view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its ID. The value range for this argument is 1 to 256. 

both: Mirrors both received and sent packets.

inbound: Mirrors only received packets.

outbound: Mirrors only sent packets.

Usage guidelines

You can configure source ports only for local mirroring groups and remote source groups.

A Layer 2 or Layer 3 aggregate interface cannot be configured as a source port for a mirroring group.

Do not assign a source port of a mirroring group to the remote probe VLAN of the mirroring group.

Examples

# Create local mirroring group 1 to monitor the bidirectional traffic of the port HundredGigE 1/1/1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] interface hundredgige 1/1/1

[Sysname-HundredGigE1/1/1] mirroring-group 1 mirroring-port both

# Create remote source group 2 to monitor the bidirectional traffic of the port HundredGigE 1/1/2.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-source

[Sysname] interface hundredgige 1/1/2

[Sysname-HundredGigE1/1/2] mirroring-group 2 mirroring-port both

Related commands

mirroring-group

mirroring-group mirroring-port (system view)

Use mirroring-group mirroring-port to configure source ports for a mirroring group.

Use undo mirroring-group mirroring-port to remove source ports from a mirroring group.

Syntax

mirroring-group group-id mirroring-port interface-list { both | inbound | outbound }

undo mirroring-group group-id mirroring-port interface-list

Default

No source port is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its ID. The value range for this argument is 1 to 256. 

interface-list: Specifies a space-separated list of up to eight interface items. Each item specifies an interface by its type and number or specifies a range of interfaces in the form of interface-type interface-number1 to interface-type interface-number2. When you specify a range of interfaces, the interfaces must be of the same type and on the same slot. The start interface number must be identical to or lower than the end interface number.

both: Mirrors both received and sent packets.

inbound: Mirrors only received packets.

outbound: Mirrors only sent packets.

Usage guidelines

You can configure source ports only for local mirroring groups and remote source groups.

A Layer 2 or Layer 3 aggregate interface cannot be configured as a source port for a mirroring group.

Do not assign a source port of a mirroring group to the remote probe VLAN of the mirroring group.

Examples

# Create local mirroring group 1 to monitor the bidirectional traffic of HundredGigE 1/1/1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] mirroring-group 1 mirroring-port hundredgige 1/1/1 both

# Create remote source group 2 to monitor the bidirectional traffic of HundredGigE 1/1/2.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-source

[Sysname] mirroring-group 2 mirroring-port hundredgige 1/1/2 both

Related commands

mirroring-group

mirroring-group monitor-egress

Use mirroring-group monitor-egress to configure the egress port for a remote source group.

Use undo mirroring-group monitor-egress to restore the default.

Syntax

In system view:

mirroring-group group-id monitor-egress interface-type interface-number

undo mirroring-group group-id monitor-egress interface-type interface-number

In interface view:

mirroring-group group-id monitor-egress

undo mirroring-group group-id monitor-egress

Default

No egress port is configured for a remote source group.

Views

System view

Interface view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its ID. The value range for this argument is 1 to 256. 

interface-type interface-number: Specifies a port by its type and number.

Usage guidelines

You can configure egress ports only for remote source groups.

For port mirroring to work correctly, disable the following features on the egress port of a mirroring group:

·     Spanning tree.

·     802.1X.

·     IGMP snooping.

·     Static ARP.

·     MAC address learning.

The member port of an existing mirroring group cannot be configured as an egress port.

The member port of an aggregate interface cannot be configured as an egress port.

Examples

# Create remote source group 1. Configure HundredGigE 1/1/1 as its egress port in system view.

<Sysname> system-view

[Sysname] mirroring-group 1 remote-source

[Sysname] mirroring-group 1 monitor-egress hundredgige 1/1/1

# Create remote source group 2. Configure HundredGigE 1/1/2 as its egress port in interface view.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-source

[Sysname] interface hundredgige 1/1/2

[Sysname-HundredGigE1/1/2] mirroring-group 2 monitor-egress

Related commands

mirroring-group

mirroring-group monitor-port (interface view)

Use mirroring-group monitor-port to configure a port as the monitor port for a mirroring group.

Use undo mirroring-group monitor-port to restore the default.

Syntax

mirroring-group group-id monitor-port [ { destination-ip destination-ip-address source-ip source-ip-address | destination-ipv6 destination-ipv6-address source-ipv6 source-ipv6-address } [ dscp dscp-value | vlan vlan-id | vrf-instance vrf-name ] * [ destination-mac mac-address ] | destination-mac mac-address ]

undo mirroring-group group-id monitor-port

Default

A port does not act as the monitor port for any mirroring groups.

Views

Interface view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its ID. The value range for this argument is 1 to 256. 

destination-ip destination-ip-address: Specifies the destination IP address for the mirrored packets.

source-ip source-ip-address: Specifies the source IP address for the mirrored packets.

destination-ipv6 destination-ipv6-address: Specifies the destination IPv6 address for the mirrored packets.

source-ipv6 source-ipv6-address: Specifies the source IPv6 address for the mirrored packets.

dscp dscp-value: Specifies the DSCP value for the mirrored packets. The dscp-value argument can be a number in the range of 0 to 63 or a keyword in Table 2. The default DSCP value is 0.

Table 2 DSCP keywords and values

Keyword	DSCP value in binary	DSCP value in decimal
af11	001010	10
af12	001100	12
af13	001110	14
af21	010010	18
af22	010100	20
af23	010110	22
af31	011010	26
af32	011100	28
af33	011110	30
af41	100010	34
af42	100100	36
af43	100110	38
cs1	001000	8
cs2	010000	16
cs3	011000	24
cs4	100000	32
cs5	101000	40
cs6	110000	48
cs7	111000	56
default	000000	0
ef	101110	46

‌

vlan vlan-id: Specifies a VLAN by its VLAN ID in the range of 1 to 4094 for the mirrored packets.

vrf-instance vrf-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters. The mirrored packets will be forwarded based on the routing table of the specified VPN instance.

destination-mac mac-address: Specifies the destination MAC address for mirrored packets. The mac-address argument is in the format of H-H-H. If you do not specify this option, the device uses the destination IP address to obtain the destination MAC address. If the destination MAC address cannot be obtained, the default MAC address 000f-e241-5e5b is used.

Usage guidelines

You can configure monitor ports only for local mirroring groups and remote destination groups.

Do not enable the spanning tree feature on the monitor port of a mirroring group.

For a Layer 2 aggregate interface configured as the monitor port of a mirroring group, do not perform either of the following tasks:

·     Configure its member ports as source ports of the mirroring group.

Use a monitor port only for port mirroring, so the data monitoring device receives and analyzes only the mirrored traffic.

The member port of an existing mirroring group cannot be configured as a monitor port.

The member port of an aggregate interface cannot be configured as a monitor port.

Examples

# Create local mirroring group 1 and configure HundredGigE 1/1/1 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] interface hundredgige 1/1/1

[Sysname-HundredGigE1/1/1] mirroring-group 1 monitor-port

# Create remote destination group 2 and configure HundredGigE 1/1/2 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-destination

[Sysname] interface hundredgige 1/1/2

[Sysname-HundredGigE1/1/2] mirroring-group 2 monitor-port

# Create local mirroring group 3. Specify HundredGigE 1/1/1 as its monitor port and configure the encapsulation parameters including the source and destination IP addresses, DSCP value, VLAN, and VPN instance for the mirrored packets.

<Sysname> system-view

[Sysname] mirroring-group 3 local

[Sysname] interface hundredgige 1/1/1

[Sysname-HundredGigE1/1/1] mirroring-group 3 monitor-port destination-ip 1.1.1.1 source-ip 3.3.3.3 dscp 1 vlan 1 vrf-instance 122

Related commands

mirroring-group

mirroring-group monitor-port (system view)

Use mirroring-group monitor-port to configure the monitor ports for a mirroring group.

Use undo mirroring-group monitor-port to remove the monitor ports from a mirroring group.

Syntax

mirroring-group group-id monitor-port interface-list [ { destination-ip destination-ip-address source-ip source-ip-address | destination-ipv6 destination-ipv6-address source-ipv6 source-ipv6-address } [ dscp dscp-value | vlan vlan-id | vrf-instance vrf-name ] * [ destination-mac mac-address ] | destination-mac mac-address ]

undo mirroring-group group-id monitor-port interface-list

Default

No monitor port is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its ID. The value range for this argument is 1 to 256. 

interface-list: Specifies a space-separated list of up to eight interface items. Each item specifies an interface by its type and number or specifies a range of interfaces in the form of interface-type interface-number1 to interface-type interface-number2. When you specify a range of interfaces, the interfaces must be of the same type and on the same slot. The start interface number must be identical to or lower than the end interface number.

interface-type interface-number: Specifies an interface by its type and number.

destination-ip destination-ip-address: Specifies the destination IP address for the mirrored packets.

source-ip source-ip-address: Specifies the source IP address for the mirrored packets.

destination-ipv6 destination-ipv6-address: Specifies the destination IPv6 address for the mirrored packets.

source-ipv6 source-ipv6-address: Specifies the source IPv6 address for the mirrored packets.

dscp dscp-value: Specifies the DSCP value for the mirrored packets. The dscp-value argument can be a number in the range of 0 to 63 or a keyword in Table 2. The default DSCP value is 0.

vlan vlan-id: Specifies a VLAN by its VLAN ID in the range of 1 to 4094 for the mirrored packets.

vrf-instance vrf-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters. The mirrored packets will be forwarded based on the routing table of the specified VPN instance.

destination-mac mac-address: Specifies the destination MAC address for mirrored packets. The mac-address argument is in the format of H-H-H. If you do not specify this option, the device uses the destination IP address to obtain the destination MAC address. If the destination MAC address cannot be obtained, the default MAC address 000f-e241-5e5b is used.

Usage guidelines

You can configure monitor ports only for local mirroring groups and remote destination groups.

Do not enable the spanning tree feature on the monitor port of a mirroring group.

For a Layer 2 aggregate interface configured as the monitor port of a mirroring group, do not perform any of the following tasks:

·     Configure its member ports as source ports of the mirroring group.

Use a monitor port only for port mirroring, so the data monitoring device receives only the mirrored traffic.

The member port of an existing mirroring group cannot be configured as a monitor port.

The member port of an aggregate interface cannot be configured as a monitor port.

Examples

# Create local mirroring group 1 and configure HundredGigE 1/1/1 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] mirroring-group 1 monitor-port hundredgige 1/1/1

# Create remote destination group 2 and configure HundredGigE 1/1/2 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-destination

[Sysname] mirroring-group 2 monitor-port hundredgige 1/1/2

# Create local mirroring group 3 and configure ports HundredGigE 1/1/1 through HundredGigE 1/1/3 and HundredGigE 1/1/5 as its monitor ports.

<Sysname> system-view

[Sysname] mirroring-group 3 local

[Sysname] mirroring-group 3 monitor-port hundredgige 1/1/1 to hundredgige 1/1/3 hundredgige 1/1/5

# Create local mirroring group 4. Specify HundredGigE 1/1/1 as its monitor port and configure the encapsulation parameters including the source and destination IP addresses, DSCP value, VLAN, and VPN instance for the mirrored packets.

<Sysname> system-view

[Sysname] mirroring-group 4 local

[Sysname] mirroring-group 4 monitor-port hundredgige 1/1/1 destination-ip 1.1.1.1 source-ip 3.3.3.3 dscp 1 vlan 1 vrf-instance 122

Related commands

mirroring-group

mirroring-group remote-probe vlan

Use mirroring-group remote-probe vlan to specify a VLAN as the remote probe VLAN for a mirroring group.

Use undo mirroring-group remote-probe vlan to restore the default.

Syntax

mirroring-group group-id remote-probe vlan vlan-id

undo mirroring-group group-id remote-probe vlan vlan-id

Default

No remote probe VLAN is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its ID.  The value range for this argument is 1 to 256.

vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.

Usage guidelines

You can configure remote probe VLANs only for remote source groups and remote destination groups.

When a VLAN is configured as a remote probe VLAN, use the VLAN for port mirroring exclusively.

The remote mirroring groups on the source device and destination device must use the same remote probe VLAN.

Only a static VLAN that already exists can be configured as a remote probe VLAN. A VLAN can be configured as the remote probe VLAN for only one mirroring group.

To delete a VLAN that is configured as a remote probe VLAN, remove the remote probe VLAN configuration first.

Examples

# Create remote source group 1 and configure VLAN 10 as its remote probe VLAN.

<Sysname> system-view

[Sysname] mirroring-group 1 remote-source

[Sysname] mirroring-group 1 remote-probe vlan 10

# Create remote destination group 2 and configure VLAN 20 as its remote probe VLAN.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-destination

[Sysname] mirroring-group 2 remote-probe vlan 20

Related commands

mirroring-group

Flow mirroring commands

display monitoring-group

Use display monitoring-group to display monitoring group information.

Syntax

display monitoring-group { group-id | all }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

group-id: Specifies a monitoring group by its number. The value range for this argument is 1 to 4112.

all: Specifies all monitoring groups.

Examples

# Display information about all monitoring groups.

<Sysname> display monitoring-group all

Monitoring group 1:

  Monitoring ports: HundredGigE1/1/2

                    HundredGigE1/1/3

                    HundredGigE1/1/4

Table 3 Command output

Field	Description
Monitoring group	ID of the monitoring group.
Monitoring ports	Monitoring ports in the monitoring group.

‌

# Display information about all monitoring groups. (Devices that support encapsulation parameter configuration.)

<Sysname> display monitoring-group all

Monitoring group 1:

  Monitoring ports:

    HundredGigE1/1/4

    HundredGigE1/1/5

  Monitoring ports:

    HundredGigE1/1/6

      Encapsulation: Destination IP address 1.1.1.1

                     Source IP address 2.2.2.2

                     DSCP 1

                     VLAN 2

                     VRF Instance aa

                     Destination MAC address 0011-0200-0211

  Monitoring ports:

    Dynamic Interface

      Encapsulation: Destination IP address 3.3.3.3

                     Source IP address 4.4.4.4

                     DSCP 11

                     VLAN 21

                     VRF Instance bb

                     Destination MAC address 0022-0301-2211

                     Erspanv3

Table 4 Command output

Field	Description
Monitoring group	ID of the monitoring group.
Monitoring ports	Monitoring ports in the monitoring group.
Encapsulation	Encapsulation parameters of the mirrored packets.
Destination IP address	Destination IP address in the outer header of the GRE-encapsulated mirrored packets.
Source IP address	Source IP address in the outer header of the GRE-encapsulated mirrored packets.
DSCP	DSCP value in the outer header of the GRE-encapsulated mirrored packets.
VLAN	VLAN in the outer header of the GRE-encapsulated mirrored packets.
VRF Instance	VPN instance whose routing table is used to direct forwarding of the mirrored packets.
Destination MAC address	Destination MAC address in the outer header of the GRE-encapsulated mirrored packets.
Erspanv3	Encapsulating mirrored packets by using ERSPANv3 when you flow-mirror traffic to a monitoring group.

‌

mirror-to cpu

Use mirror-to cpu to configure a mirroring action that mirrors traffic to the CPU.

Use undo mirror-to cpu to delete the mirroring action that mirrors traffic to the CPU.

Syntax

mirror-to cpu

undo mirror-to cpu

Default

No mirroring action exists to mirror traffic to the CPU.

Views

Traffic behavior view

Predefined user roles

network-admin

Examples

# Create traffic behavior 1 and configure the action of mirroring traffic to the CPU for the traffic behavior.

<Sysname> system-view

[Sysname] traffic behavior 1

[Sysname-behavior-1] mirror-to cpu

mirror-to grpc

Use mirror-to grpc to configure a mirroring action that mirrors traffic to gRPC.

Use undo mirror-to grpc to delete the mirroring action that mirrors traffic to gRPC.

Syntax

mirror-to grpc

undo mirror-to grpc

Default

No mirroring action exists to mirror traffic to gRPC.

Views

Traffic behavior view

Predefined user roles

network-admin

Usage guidelines

Google Remote Procedure Call (gRPC) is a Google developed framework for remote procedure calls. gRPC provides a programmable method for monitoring and managing network devices.

This command enables the device to mirror traffic matching the traffic class in the QoS policy to the directly-connected gRPC network management server for traffic analysis.

For more information about gRPC, visit website www.grpc.io. For information about how to configure the gRPC network management server, see the network management server configuration guide.

Examples

# Create traffic behavior 1 and configure a mirroring action that mirrors traffic to gRPC.

<Sysname> system-view

[Sysname] traffic behavior 1

[Sysname-behavior-1] mirror-to grpc

mirror-to interface

Use mirror-to interface to configure a mirroring action that mirrors traffic to an interface.

Use undo mirror-to interface to delete a mirroring action that mirrors traffic to an interface.

Syntax

Syntax 1:

mirror-to interface interface-type interface-number [ backup-interface interface-type interface-number ] [ sampler sampler-name ] [ truncation ] [ { destination-ip destination-ip-address source-ip source-ip-address | destination-ipv6 destination-ipv6-address source-ipv6 source-ipv6-address } [ erspanv3 | dscp dscp-value | vlan vlan-id | vrf-instance vrf-name ] * ] [ destination-mac mac-address ]

undo mirror-to interface interface-type interface-number

Syntax 2:

mirror-to interface { destination-ip destination-ip-address source-ip source-ip-address | destination-ipv6 destination-ipv6-address source-ipv6 source-ipv6-address } [ erspanv3 | sampler sampler-name ] [ truncation ] [ dscp dscp-value | vlan vlan-id | vrf-instance vrf-name ] * [ destination-mac mac-address ]

undo mirror-to interface { destination-ip destination-ip-address source-ip source-ip-address| destination-ipv6 destination-ipv6-address source-ipv6 source-ipv6-address }

Default

No mirroring actions exist to mirror traffic to interfaces.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

destination-ip destination-ip-address: Specifies the destination IP address for the mirrored packets.

source-ip source-ip-address: Specifies the source IP address for the mirrored packets.

destination-ipv6 destination-ipv6-address: Specifies the destination IPv6 address for the mirrored packets.

source-ipv6 source-ipv6-address: Specifies the source IPv6 address for the mirrored packets.

erspanv3: Encapsulates mirrored packets by using ERSPANv3 when you flow-mirror traffic to an interface.

destination-port destination-port-value: Specifies the destination port number for mirrored packets encapsulated by using VXLAN. The default is 4789.

source-port source-port-value: Specifies the source port number for mirrored packets encapsulated by using VXLAN.

dscp dscp-value: Specifies the DSCP value for the mirrored packets. The dscp-value argument can be a number in the range of 0 to 63 or a keyword in Table 5.

Table 5 DSCP keywords and values

Keyword	DSCP value in binary	DSCP value in decimal
af11	001010	10
af12	001100	12
af13	001110	14
af21	010010	18
af22	010100	20
af23	010110	22
af31	011010	26
af32	011100	28
af33	011110	30
af41	100010	34
af42	100100	36
af43	100110	38
cs1	001000	8
cs2	010000	16
cs3	011000	24
cs4	100000	32
cs5	101000	40
cs6	110000	48
cs7	111000	56
default	000000	0
ef	101110	46

‌

vlan vlan-id: Specifies a VLAN by its VLAN ID in the range of 1 to 4094 for the mirrored packets.

vrf-instance vrf-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters. The mirrored packets will be forwarded based on the routing table of the specified VPN instance.

ecmp-balance: Performs ECMP load sharing for ERSPAN mirrored packets based on inner packet information when packets are flow-mirrored to an interface.

Usage guidelines

You can execute the mirror-to interface interface-type interface-number command multiple times for a traffic behavior to mirror traffic to different interfaces. (Applicable to devices that support mirroring traffic to multiple interfaces.)

You must use the ecmp-balance keyword of this command together with the ip load-sharing mode per-flow tunnel inner command. If you do not do that, the ECMP load sharing feature does not take effect. For more information about configuring the load sharing mode, see IP forwarding basics in Layer 3—IP Services Configuration Guide.

Examples

# Create traffic behavior 1 and configure the action of mirroring traffic to HundredGigE 1/1/1 for the traffic behavior.

<Sysname> system-view

[Sysname] traffic behavior 1

[Sysname-behavior-1] mirror-to interface hundredgige 1/1/1

# Create traffic behavior 1, and configure the action of mirroring traffic to HundredGigE 1/1/1 for the traffic behavior. Specify the following parameters for the mirrored packets sent to HundredGigE 1/1/1:

·     Specify 1.1.1.1 and 2.2.2.2 as the destination address and source address, respectively.

·     Specify 20, 100, and vrf1 as the DSCP value, VLAN, and the VPN instance name, respectively.

<Sysname> system-view

[Sysname] traffic behavior 1

[Sysname-behavior-1] mirror-to interface hundredgige 1/1/1 destination-ip 1.1.1.1 source-ip 2.2.2.2 dscp 20 vlan 100 vrf-instance vrf1

Related commands

ip load-sharing mode per-flow tunnel inner (Layer 3—IP Services Command Reference)

mirroring erspanv3 switch-id

Use mirroring erspanv3 switch-id to configure the switch ID in ERSPANv3 mirrored packets.

Use undo mirroring erspanv3 switch-id to restore the default.

Syntax

mirroring erspanv3 switch-id switch-id

undo mirroring erspanv3

Default

The switch ID in ERSPANv3 mirrored packets is 0.

Views

System view

Predefined user roles

network-admin

Parameters

switch-id: Specifies the switch ID in ERSPANv3 mirrored packets, in the range of 0 to 1023.

Usage guidelines

 

 

In the Layer 3 remote flow mirroring scenario, when packets from multiple source devices are mirrored to the same data monitoring device, the data monitoring device cannot identify the mappings between switch IDs in mirrored packets and source devices by default. As a result, the data mirroring device cannot correctly identify the source device of each mirrored packet. In this case, the administrator can configure this feature on the device to map the switch ID encapsulated in the mirrored packets to the device. Then, the data monitoring device can identify the source device of these mirrored packets.

 

 

 

Examples

# Configure the switch ID in ERSPANv3 mirrored packets as 1.

<Sysname> system-view

[Sysname] mirroring erspanv3 switch-id 1